http://stackoverflow.com/questions/1935479/do-javas-inner-classes-pose-a-security-risk
This information is around a decade out of date. The widespread use of anonymous inner classes with AccessController.doPrivileged should be a clue. (If you don't like the API, consider the proportion of try-finally blocks that are incorrectly missing in the JDK.)

The policy is that no two classes can share the same package if they are loaded by different class loaders or have different certificates. For more protection, mark packages as sealed in the manifest of your jars. So, from a security standpoint, "Rule 4" is bogus.
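An added example, not part of the answer above: one way to check which packages in a jar are actually sealed, using java.util.jar and the manifest precedence in which a per-package section overrides the jar-wide `Sealed` attribute. The class name `SealedPackageAudit`, the `com/example/...` entries and the in-memory jar are constructed for illustration.

```java
import java.io.*;
import java.util.*;
import java.util.jar.*;

public class SealedPackageAudit {
    // Build a small jar in memory (constructed sample, not a real artifact).
    static byte[] sampleJar(boolean sealWholeJar) throws IOException {
        Manifest mf = new Manifest();
        Attributes main = mf.getMainAttributes();
        main.put(Attributes.Name.MANIFEST_VERSION, "1.0"); // required, or nothing is written
        if (sealWholeJar) main.put(Attributes.Name.SEALED, "true");
        // Per-package section: explicitly leaves this one package unsealed.
        Attributes open = new Attributes();
        open.put(Attributes.Name.SEALED, "false");
        mf.getEntries().put("com/example/plugin/", open);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (JarOutputStream jar = new JarOutputStream(buf, mf)) {
            for (String cls : new String[] {
                    "com/example/core/Vault.class", "com/example/plugin/Hook.class"}) {
                jar.putNextEntry(new JarEntry(cls)); // empty placeholder entries
                jar.closeEntry();
            }
        }
        return buf.toByteArray();
    }

    // Map each package directory found in the jar to its effective sealed state.
    static Map<String, Boolean> audit(byte[] jarBytes) throws IOException {
        Map<String, Boolean> result = new TreeMap<>();
        try (JarInputStream in = new JarInputStream(new ByteArrayInputStream(jarBytes))) {
            Manifest mf = in.getManifest(); // null when the jar has no manifest
            String jarDefault = mf == null ? null
                    : mf.getMainAttributes().getValue(Attributes.Name.SEALED);
            for (JarEntry e; (e = in.getNextJarEntry()) != null; ) {
                String name = e.getName();
                if (!name.endsWith(".class") || name.indexOf('/') < 0) continue;
                String pkg = name.substring(0, name.lastIndexOf('/') + 1);
                Attributes a = mf == null ? null : mf.getAttributes(pkg);
                String v = a == null ? null : a.getValue(Attributes.Name.SEALED);
                if (v == null) v = jarDefault; // fall back to the jar-wide setting
                result.put(pkg, "true".equalsIgnoreCase(v));
            }
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        audit(sampleJar(true)).forEach((p, s) -> System.out.println("sealed jar:   " + p + " sealed=" + s));
        audit(sampleJar(false)).forEach((p, s) -> System.out.println("unsealed jar: " + p + " sealed=" + s));
    }
}
```

A package reported as unsealed is one where classes from another jar on the same class loader can still join the package and reach its package-private members.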
Sun's Secure Coding Guidelines for Java
http://java.sun.com/security/seccodeguide.html

ironic to see "Guideline 0-3 Avoid duplication" in above and yet Duplicates abound in JDK 1.4 source code